---> Package openssl.x86_64 1:1.0.1e-51.el7_2.2 will be updated
---> Package openssl.x86_64 1:1.0.1e-51.el7_2.4 will be an update
---> Package openssl-devel.x86_64 1:1.0.1e-51.el7_2.2 will be updated
---> Package openssl-devel.x86_64 1:1.0.1e-51.el7_2.4 will be an update
---> Package openssl-libs.x86_64 1:1.0.1e-51.el7_2.2 will be updated
---> Package openssl-libs.x86_64 1:1.0.1e-51.el7_2.4 will be an update
I am enjoying an environment configured to only allow TLSv1.2 and deny everything else. It may not be a realistic option for everyone, but for anything new built in 2015 and later is the only sensible choice.
11 comments
[ 4.4 ms ] story [ 38.3 ms ] threadhttps://www.openssl.org/news/secadv/20160301.txt
hmm, still at openssl-1.0.1e-51.el7_2.2.x86_64
https://security-tracker.debian.org/tracker/source-package/o...
So of 8 #openssl things forthcoming, all but two low severity ones were already fixed in #libressl - You won't need to patch #libressl today
https://twitter.com/bob_beck/status/704693297583788032
http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/...
Deployed it in all of 2 minutes this morning. Ansible rocks.